You may wonder where I got this huge load of cypher suites in the Apache config. Depending on which kind of site you are hosting you can decide for weaker or stronger suites. I chose the Intermediate from the Mozilla Site.

And make sure, that you forward all http traffic to https. This is important, because the Let’s Encrypt client tries to get the verification file from http. With the redirect the client will be able to get the file with https enabled.

Now we have a certificate which is not valid for a very long time. This is by intention by Let’s encrypt. The goal is that certificate renewals should be automated. For this I wrote a little script.

Place this script in /opt/letsencrypt as letsencrypt-renew.sh

This script makes sure that you get a new certificate for your website. It also has a check enabled for people with a dynamic IP. In case this script runs and your provider switches the IP before your dynamic DNS service (like dynDNS and noip) gets the information about it, it will end.